Search for vulnerabilities
| Vulnerability ID | VCID-n1r2-jqwt-jucp |
| Aliases |
GHSA-5mwf-688x-mr7x
|
| Summary | Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 2.7 |
| Risk | 1.4 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | LOW | https://github.com/advisories/GHSA-5mwf-688x-mr7x |
| generic_textual | LOW | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml |
| generic_textual | LOW | https://github.com/sparklemotion/nokogiri |
| generic_textual | LOW | https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/sparklemotion/nokogiri | ||
| https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vvfq-8hwr-qm4m | ||
| GHSA-5mwf-688x-mr7x | https://github.com/advisories/GHSA-5mwf-688x-mr7x | |
| GHSA-vvfq-8hwr-qm4m.yml | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-03-28T16:48:22.889265+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml | 36.0.0 |